VYPR

CVEs

31,781 total · page 391 of 636

  • CVE-2021-25434CriJul 8, 2021
    risk 0.64cvss 9.8epss 0.02

    Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.

  • CVE-2021-21821CriJul 8, 2021
    risk 0.64cvss 9.8epss 0.02

    A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-28809CriJul 8, 2021
    risk 0.65cvss 9.8epss 0.16

    An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS…

  • CVE-2021-21807CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.01

    An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-33221CriJul 7, 2021
    risk 0.68cvss 9.8epss 0.57

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.

  • CVE-2021-33219CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.

  • CVE-2021-33218CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.

  • CVE-2021-33216CriJul 7, 2021
    risk 0.68cvss 9.8epss 0.14

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.

  • CVE-2021-32538CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.

  • CVE-2021-32535CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.01

    The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.

  • CVE-2021-32534CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.

  • CVE-2021-32533CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.

  • CVE-2021-32531CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.

  • CVE-2021-32530CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.

  • CVE-2021-32529CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

  • CVE-2021-32525CriJul 7, 2021
    risk 0.59cvss 9.1epss 0.02

    The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred…

  • CVE-2021-32524CriJul 7, 2021
    risk 0.59cvss 9.1epss 0.02

    Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

  • CVE-2021-32523CriJul 7, 2021
    risk 0.59cvss 9.1epss 0.01

    Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

  • CVE-2021-32522CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.01

    Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN…

  • CVE-2021-32520CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.01

    Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

  • CVE-2021-32519CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.01

    Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN…

  • CVE-2021-32513CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.

  • CVE-2021-32512CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.

  • CVE-2020-24148CriJul 7, 2021
    risk 0.60cvss 9.1epss 0.15

    Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.

  • CVE-2020-24147CriJul 7, 2021
    risk 0.59cvss 9.1epss 0.02

    Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.

  • CVE-2020-24142CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open…

  • CVE-2021-34624CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.07

    A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 -…

  • CVE-2021-34623CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 -…

  • CVE-2021-34622CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects…

  • CVE-2021-34621CriJul 7, 2021
    risk 0.72cvss 9.8epss 0.69

    A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .

  • CVE-2021-25952CriJul 7, 2021
    risk 0.57cvss 9.8epss 0.03

    Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.

  • CVE-2021-20776CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.01

    Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.

  • CVE-2020-22249CriJul 6, 2021
    risk 0.64cvss 9.8epss 0.03

    Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which…

  • CVE-2021-24384CriJul 6, 2021
    risk 0.64cvss 9.8epss 0.02

    The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have…

  • CVE-2021-24375CriJul 6, 2021
    risk 0.64cvss 9.8epss 0.03

    Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to…

  • CVE-2021-35209CriJul 2, 2021
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is…

  • CVE-2021-36128CriJul 2, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.

  • CVE-2021-36126CriJul 2, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This…

  • CVE-2021-35029CriJul 2, 2021
    risk 0.64cvss 9.8epss 0.02

    An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands…

  • CVE-2021-35042CriJul 2, 2021
    risk 0.60cvss 9.8epss 0.44

    Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

  • CVE-2021-35336CriJul 1, 2021
    risk 0.65cvss 9.8epss 0.12

    Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.

  • CVE-2021-22343CriJul 1, 2021
    risk 0.59cvss 9.1epss 0.01

    There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.

  • CVE-2021-36088CriJul 1, 2021
    risk 0.00cvss 9.8epss 0.02

    Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).

  • CVE-2020-36400CriJul 1, 2021
    risk 0.57cvss 9.8epss 0.02

    ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.

  • CVE-2018-25017CriJul 1, 2021
    risk 0.00cvss 9.8epss 0.02

    RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.

  • CVE-2021-28804CriJul 1, 2021
    risk 0.64cvss 9.8epss 0.02

    A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build…

  • CVE-2021-28802CriJul 1, 2021
    risk 0.64cvss 9.8epss 0.02

    A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build…

  • CVE-2021-22345CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write.

  • CVE-2021-22348CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute.

  • CVE-2021-22367CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass.